[Samba] Removing Everyone access on Samba shares

Henrik Zagerholm henke at mac.se
Thu Aug 17 06:38:07 GMT 2006


Hi list,

My setup:
Debian etch (ext3 with acl) with Samba 3.0.22, kerberos5, winbind.

Samba box added to a Windows 2003 Domain.
Winbind works as expected. It is possible to use domain accounts to  
access the shares.

What I wonder is how to remove the Everyone and Domain Users entries  
in the Security Tab in Windows.
As I understand it. Everyone always show because of the POSIX "other"  
in the ext3 filesystem or?

Can I use domain accounts with force group and force user?
Is there a way to configure my shares so the permissions are  
inherited on files and folders created on my share?
I've also tried different local acls with setfacl and it has helped  
me some but now I'm confused of where to put what. :)

smb.conf
[global]
         workgroup = NVS
         netbios name  = sambacube
         server string = Sambacube
         idmap uid = 10000-20000
         idmap gid = 10000-20000
         winbind enum groups = yes
         winbind enum users = yes
         winbind use default domain = yes
         log file = /var/log/samba/log.smbd
         max log size = 50
         realm = NVS.COM
         security = ads
         password server = 10.170.0.40
         encrypt passwords = yes
         domain master = no
         preferred master = no
         wins server = 10.170.0.40
         dns proxy = no
         unix charset = UTF-8
         display charset = UTF-8
         enable privileges = yes
         nt acl support = yes
         dos filemode = yes
         security mask = 0777
         force security mode = 0
         directory security mask = 0777
         force directory security mode = 0
         force create mode = 0660
         force directory mode = 0770

[Projekt]
         path = /home/affe/projekt
         read only = No
         admin users = Administrator,@"NVS\Domain-Admins"
         valid users = @"NVS\114-KRS-Users",@"NVS\Domain Admins"
         write list = @"NVS\114-KRS-Users",@"NVS\Domain Admins"

Filesystem acl:

debian:/etc/samba# getfacl /home/affe/projekt

# file: home/affe/projekt
# owner: administrator
# group: Domain\040Admins
user::rwx
group::rwx
group:Domain\040Admins:rwx
group:114-KRS-Users:rwx
mask::rwx
other::---
default:user::rwx
default:group::rwx
default:group:Domain\040Admins:rwx
default:group:114-KRS-Users:rwx
default:mask::rwx
default:other::---

Regards,
Henrik


More information about the samba mailing list